I'm working on a insert form for my movie database and I have some code working and will be adding more to it, but I wanted to know if there was a better way to go about doing some of this or if I have made a huge coding error. I'm still learning php and haven't gotten that far into my studies of php yet, but I know this code works at the moment. So I would appreciate any feedback.

Thanks for the help.

form:

<html>

<head>
<title>Form Input Data</title>
</head>

<body>
<table border="1">
  <tr>
    <td align="center">Form Input Data</td>
  </tr>
  <tr>
    <td>
      <table>
        <form method="post" action="VER2.php">
        <tr>
          <td>Code</td>
          <td><input type="text" name="Code" size="10">
          </td>
        </tr>
        <tr>
          <td>Title</td>
          <td><input type="text" name="Title" size="128">
          </td>
        </tr>
        <tr>
          <td>Alt_Title</td>
          <td><input type="text" name="Alt_Title" size="128">
          </td>
        </tr>
        <tr>
          <td>Type</td>
          <td><input type="text" name="Type" size="10">
          </td>
        </tr> 
        <tr>
          <td>Synopis</td>
          <td><input type="text" name="Synopis" size="128">
          </td>
        </tr> 
        <tr>
          <td>Num_Eps</td>
          <td><input type="int" name="Num_Eps" size="12">
          </td>
        </tr>
        <tr>
          <td>Duration</td>
          <td><input type="time" name="Duration" size="">
          </td>
        </tr>
        <tr>
          <td>Total_Duration</td>
          <td><input type="time" name="Total_Duration" size="">
          </td>
        </tr>
        <tr>
          <td>Catagory</td>
          <td><input type="text" name="Catagory" size="25">
          </td>
        </tr>
        <tr>
          <td>Year</td>
          <td><input type="year" name="Year" size="4">
          </td>
        </tr>
        <input type="checkbox" name="GenCode[]" value="Action"> Action <br />
        <input type="checkbox" name="GenCode[]" value="Comedy"> Comedy <br />
        <input type="checkbox" name="GenCode[]" value="Adven"> Adventure <br />
        <tr>
          <td></td>
          <td align="right"><input type="submit" 
          name="submit" value="Sent"></td>
        </tr>
        </table>
      </td>
    </tr>
</table>
</body>
</html>

insert:

<?php

mysql_connect("localhost","root","root");//database connection
mysql_select_db("test");

$Code = $_GET['Code'];
//inserting data order
$order = "INSERT INTO MOVIES
            (Code, Title, Alt_Title, Type, Synopsis, Num_Eps, Duration, Total_Duration, Catagory, Year)
            VALUES
            ('" .addslashes( $_POST['Code'] ). "',
            '" .addslashes( $_POST['Title'] )."',
            '" .addslashes( $_POST['Alt_Title'] )."',
            '" .addslashes( $_POST['Type'] )."',
            '" .addslashes( $_POST['Synopsis'] )."',
            '" .addslashes( $_POST['Num_Eps'] )."',
            '" .addslashes( $_POST['Duration'] )."',
            '" .addslashes( $_POST['Total_Duration'] )."',
            '" .addslashes( $_POST['Catagory'] )."',
            '" .addslashes( $_POST['Year'] )."')";

//declare in the order variable
echo "order: $order";
$result = mysql_query($order);  //order executes
if($result){
    echo("<br>Input data is succeed");
} else{
    echo("<br>Input data is fail");
}

mysql_close($mysql_connect);

$con = mysql_connect("localhost","root","root");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("test");
$Code = $_GET['Code'];

if(isset($_POST['GenCode']))
{ 
     foreach($_POST['GenCode'] as $value) {
          $insert="INSERT INTO MOVIEGENRES (MovieCode, GenCode) VALUES ('" .addslashes( $_POST['Code'] ). "','$value')";
     mysql_query($insert);
    }
    echo $insert;
    echo " ";
}
mysql_close($con);
?>

don't insert value like this $_POST['Code'] firstly put them in some variable then use that varible istead of using $_POST['Code'] this for example you can use $code=$_POST['Code']

So your saying for all of these:

            ('" .addslashes( $_POST['Code'] ). "',
            '" .addslashes( $_POST['Title'] )."',
            '" .addslashes( $_POST['Alt_Title'] )."',
            '" .addslashes( $_POST['Type'] )."',
            '" .addslashes( $_POST['Synopsis'] )."',
            '" .addslashes( $_POST['Num_Eps'] )."',
            '" .addslashes( $_POST['Duration'] )."',
            '" .addslashes( $_POST['Total_Duration'] )."',
            '" .addslashes( $_POST['Catagory'] )."',
            '" .addslashes( $_POST['Year'] )."')";

I should have a list of pre-defined variables and call those instead. Should I put them up at the top of the file like in c++? Also is their a reason why I shouldn't do that?

Thanks for the help.

yes you are going right just beacuase you not get any error using variables debugging is easy

Member Avatar for diafol
<table border="1">

(etc) Don't use tables for layout - even for forms.

size="10"

Also avoid this if possible - use CSS or style tags

If you insist on using antiquated mysql_* functions, then use mysql_real_escape_string() on your inputs, otherwise, move over to mysqli_* or PDO.

WHy do you have $_POST['Code'] and $_GET['Code']?

$Code = $_GET['Code'];

That's stated twice.

foreach($_POST['GenCode'] as $value) {

Erk, don't run a query for each iteration in a loop. Simply build up the SQL string with concatentation or array imploding and then just run the ONE query.

commented: Excellent points +7

$_GET['Code'] won't return anything -- your form action is to VER2.php, through POST. There's no query string for retrieving any $_GET data from the URL.

I don't agree with the above statement to replace all your $_POST indexes with variable names. I'd use that if you were doing data validation, but it looks like you're just dropping the data into your DB. As diafol said, replace addslashes() with mysql_real_escape_string(), or better yet switch to mysqli and use its equivalent.

Also, does your database have a column for a unique identifier (like ID), or is Code the primary key?

Thanks for the help. I'll remove the _Get from the file and I'll work on my form input. Is there a good tutorial on switching addslashes to mysqli? Also for the

foreach($_POST['GenCode'] as $value) {

It was the only thing I found so far to help me with multiple check boxes and to input that into the database. I don't really know how it works so I don't mind changing that if you could point me into the right direction.

As for my database Code is the primary key. I'm making a movie database to help keep track of all my movies. I have a movies, genres, formats, movieformats, moviegenres as my main tables right now.

For movies, genres, and formats code is the primary key

as for moviegenres moviecode and gencode are the primary key

and for movieformats moviecode and formcode are the primary key.

Member Avatar for diafol

Is there a good tutorial on switching addslashes to mysqli?

If you read up on mysqli, you'll find you don't need to escape the input if you bind parameters.

It was the only thing I found so far to help me with multiple check boxes and to input that into the database. I don't really know how it works so I don't mind changing that if you could point me into the right direction.

If you have less than 32 genres you could use bitwise operators for storing genres for movies. Note - for this method it's important that this limit should never be broken.

Imagine each genre identified by

1 - horror,2 - action,4 - romance,8 - drama,16 - scifi,32 - western,64 - thriller... etc

So a movie with a genre value of 6 = action and romance, so you could store the value 6 for it instead of two separate records for the movie. Just a thought - I realise that wasn't the thrust of your comment. I could explain further if you're interested.

I'll google mysqli and see what I can find. I have over 32 genres and I might be adding more in the future. At first I had a auto-increment integer for an id value, but having to look up the number every time was a pain. So I decided to go with a code instead.

For example:
adventure = adven

Member Avatar for diafol

OK

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.